Is your feature request related to a problem? Please describe.
BankID have announced a new API version, API 6.0 (as described in Relying Party Guidelines V6.0. We should implement that one.
What area is it related to
API
Core
Describe the solution you'd like
Imeplement necessary features.
Additional context
Below is an overview of changes needed.
General
[x] Update API version.
Auth/Sign > Request
[x] Removed: personalNumber is removed. Use Secure Start instead.
Auth/Sign > Request > Requirements
[x] Removed: For certificatePolicies one of the valid values is removed. Specifically the one related to Nordea ("1.2.752.71.1.3" - Nordea e-id on file and on smart card) is removed.
[x] Removed: autoStartTokenRequired is removed.
[x] Removed: tokenStartRequired is removed.
[x] Removed: issuerCn is removed.
[x] Changed: allowFingerprint is renamed and the meaning is "inverted". It is now called pinCode and has the opposite meaning. Instead of allowing fingerprint/biometrics you now instead can require the usage of pin code from the end user. This value will default to false.
[x] Changed: mrtdRequired is renamed into mrtd. This feature/property wasn't described in Relaying Party Guidelines 3.8 but was an "undocumented" feature it seems. The description is: "If present, and set to "true", the client needs to provide MRTD (Machine readable travel document) information to complete the order. Only Swedish passports and national ID cards are supported.".
[x] Added: personalNumber is a new property that can be used to ensure that the user that scanned the identified/signed through BankID has a specific swedish personal identity number. Note: This is not the same thing as starting a flow for a specific person, but rather for verification. Example: The user identifies through BankID, you then want the same user to identify and then you can pass this parameter as you know the personalNumber for that person.
Collect > Response
[x] Added: callInitiator is a new property. The description is: "Indicates whether RP or user initiated a phone/auth, if phone authentication.".
Collect > Response > CompletionData
[x] Removed: cert is removed.
[x] Removed: notBefore (a subproperty of cert) is removed.
[x] Removed: notAfter (a subproperty of cert) is removed.
[x] Changed: hintCode has a new possible value called userMrtd with the description "Order is pending. A client has launched and received the order but additional steps for providing MRTD information are required to proceed with the order. The RP should inform the user using message RFA23.".
[x] Added: uhi is a new subproperty of device.
[x] Added: bankIdIssueDate is new property with the description: "The date the BankID was issued to the user. The issue date of the ID expressed using ISO 8601 date format YYYY-MM-DD with a UTC time zone offset".
[x] Added: stepUp is a new object.
[x] Added: mrtd is a new property of the object stepUp. The description is: "true if the mrtd check was performed and passed, false if the mrtd check was performed and failed".
Recommended user messages
[x] RFA2 - Swedish and English Updated
[x] RFA3 - English Updated
[x] RFA5 - Swedish and English Updated
[x] RFA6 - Swedish and English Updated
[x] RFA8 - Swedish and English Updated
[x] RFA14 (A) - Remove
[x] RFA14 (B) - Remove
[x] RFA15(A) - Swedish and English Updated
[x] RFA15(B) - Swedish and English Updated
[x] RFA16 - Swedish and English Updated
[x] RFA17(A) - Swedish and English Updated
[x] RFA17(B) - Swedish and English Updated
[x] RFA20 - Swedish and English Updated
[x] RFA23 - New
Tests
[x] Verify that if pinCode is required, only pinCode is allowed for the authentication in the BankId App.
[x] Verify that if mrtd is required, the user is required to present travel documentation in the BankId App.
[x] personalNumber
[x] Verify that if personalNumber is provided in the requirements, no other user can complete the authentication.
[x] Verify that the errorCode result in a recomended user message.
Is your feature request related to a problem? Please describe. BankID have announced a new API version, API 6.0 (as described in Relying Party Guidelines V6.0. We should implement that one.
What area is it related to
Describe the solution you'd like
Additional context Below is an overview of changes needed.
General
Auth/Sign > Request
personalNumber
is removed. Use Secure Start instead.Auth/Sign > Request > Requirements
certificatePolicies
one of the valid values is removed. Specifically the one related to Nordea ("1.2.752.71.1.3" - Nordea e-id on file and on smart card) is removed.autoStartTokenRequired
is removed.tokenStartRequired
is removed.issuerCn
is removed.allowFingerprint
is renamed and the meaning is "inverted". It is now calledpinCode
and has the opposite meaning. Instead of allowing fingerprint/biometrics you now instead can require the usage of pin code from the end user. This value will default tofalse
.mrtdRequired
is renamed intomrtd
. This feature/property wasn't described in Relaying Party Guidelines 3.8 but was an "undocumented" feature it seems. The description is: "If present, and set to "true", the client needs to provide MRTD (Machine readable travel document) information to complete the order. Only Swedish passports and national ID cards are supported.".personalNumber
is a new property that can be used to ensure that the user that scanned the identified/signed through BankID has a specific swedish personal identity number. Note: This is not the same thing as starting a flow for a specific person, but rather for verification. Example: The user identifies through BankID, you then want the same user to identify and then you can pass this parameter as you know the personalNumber for that person.Collect > Response
callInitiator
is a new property. The description is: "Indicates whether RP or user initiated a phone/auth, if phone authentication.".Collect > Response > CompletionData
cert
is removed.notBefore
(a subproperty ofcert
) is removed.notAfter
(a subproperty ofcert
) is removed.hintCode
has a new possible value calleduserMrtd
with the description "Order is pending. A client has launched and received the order but additional steps for providing MRTD information are required to proceed with the order. The RP should inform the user using message RFA23.".uhi
is a new subproperty ofdevice
.bankIdIssueDate
is new property with the description: "The date the BankID was issued to the user. The issue date of the ID expressed using ISO 8601 date format YYYY-MM-DD with a UTC time zone offset".stepUp
is a new object.mrtd
is a new property of the objectstepUp
. The description is: "true if the mrtd check was performed and passed, false if the mrtd check was performed and failed".Recommended user messages
Tests
Documentation